4. Performance problem when Apply Changes with Large FW Ruleset

Performance problem when Apply Changes with Large FW Ruleset

  • B

    Hi,

    We are currently running PFSENSE 2.4.2-RELEASE-p1 and have a very large firewall ruleset (currently 7,391 rules in pfctl), which we recently reduced down from ~10,000.

    After hitting "apply changes" on the firewall rules we start seeing (1-10%) packet loss to the gateway. The duration and severity of the packet loss seems to correlate with the amount of rules.

    We have added more resources to the VM and the CPU does not exceed ~50%, RAM usage is only ~10%.

    Has anyone else run into this problem? At the moment we are mitigating by performing changes at night and are spinning up additional pfsense instances to move services onto.

    Thanks.

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy